You do not need to register to review the forum posts. You will need to register before you can post.
To register, create your own username/password, as this forum login information is not related to any other login details you have with hostek.com.

How Did The Server Get Hacked?

My site got hacked into last night along with others. I know you are working on the issue but how did the hack happen? Should we be changing our passwords? Any information stolen? The server that has our Credit cards was that hacked too?

A customer had an outdated version of joomla installed. A vulnerability in Joomla was exploited that allowed a script to process that injected information into the index files on the sites. We found the problem and disabled that site.

Passwords were not compromised, but it's always a good idea to change the password (using a strong password: ie, upper case, lower case, number(s), characters, etc) from time to time.

Credit card data for our accounts are on a totally isolated server, so no worry there. Additionally they are encrypted of course.

NOTE: If you re-upload your index file, the site will start working right away.

Update: Sept 28, 2010: I meant to come back and update this forum back in April and forgot. I wanted to mention that we have implemented several new security measures on the cPanel servers that should prevent this from happening in the future.

As Brian has recommended, I will be changing all passwords (including database user and email accounts) ASAP and ensure they follow "strong password" format. There is a forum thread about that here.

The good news about this is that there is not a general failure of security consciousness with the webmasters. However, I would personally ask everyone to review your sites and code and ensure you are as tight and up-to-date as you can be. If you have downloaded and are using third-party scripts (ones that are not offered by Hostek), then be sure you understand what and how they are doing what they are doing so that you can review the security measures in place, or the lack of them. Though I don't use these sorts of scripts, I am reviewing my own code now.